Custom Pingora-based edge proxy for the Sunbeam infrastructure stack.

- HTTPS termination: mkcert file-based (local dev) or rustls-acme ACME (production)
- Host-prefix routing with path-based sub-routing (auth virtual host)
- HTTP→HTTPS redirect, WebSocket passthrough
- cert-manager HTTP-01 challenge routing via Kubernetes Ingress watcher
- TLS cert auto-reload via K8s Secret watcher
- JSON structured audit logging (tracing-subscriber)
- OpenTelemetry OTLP stub (disabled by default)
- Multi-stage Dockerfile: musl static binary on chainguard/static distroless image

Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
# Local dev config for running sunbeam-proxy directly on macOS.
#
# Uses non-privileged ports (8080/8443) and a mkcert cert for localhost.
# Certs are generated once with:
#   mkcert -cert-file certs/tls.crt -key-file certs/tls.key localhost 127.0.0.1
#
# Run with:
#   SUNBEAM_CONFIG=dev.toml RUST_LOG=info cargo run
#
# Then test:
#   curl -v http://localhost:8080/ # → 301 to https
#   curl -vk https://localhost:8443/ -H "Host: docs.localhost" # → 502 (backend unreachable, routing works)
#   curl -vk https://localhost:8443/.well-known/acme-challenge/test # → 404 (no active challenge)
#
# The -k flag makes curl skip certificate verification, so these checks prove
# routing and redirects only. With the mkcert local CA installed
# (mkcert -install), -k can be dropped to validate the certificate as well.

[listen]
# 0.0.0.0 binds every interface, so the proxy accepts connections from other
# hosts on the network and forwards matching requests to the loopback backends
# listed under [[routes]].
# NOTE(review): the cert covers only localhost and 127.0.0.1, and the smoke
# tests above use localhost, so binding to 127.0.0.1 looks sufficient for
# local dev. Confirm nobody relies on LAN access before narrowing it.
http = "0.0.0.0:8080"
https = "0.0.0.0:8443"

[tls]
# Relative paths, matching the output locations of the mkcert command above.
# NOTE(review): presumably resolved against the working directory of
# `cargo run`; confirm.
cert_path = "certs/tls.crt"
# Private key for the dev certificate.
# NOTE(review): verify that certs/ is excluded from version control.
key_path = "certs/tls.key"

[telemetry]
# NOTE(review): an empty endpoint presumably leaves OTLP export disabled (the
# commit message calls the OTLP stub "disabled by default"); confirm against
# the config loader.
otlp_endpoint = ""

# Dummy routes that mirror production — backends won't be reachable locally
# but routing, TLS termination, and redirect logic are fully exercised.
#
# Every backend is plain HTTP on loopback (ports 9001-9009).
# NOTE(review): host_prefix presumably matches the first label of the Host
# header ("docs" for docs.localhost, as in the smoke test above), and
# websocket = true presumably enables WebSocket passthrough for that route.
# The default for routes that omit `websocket` is not visible here; confirm.

[[routes]]
host_prefix = "docs"
backend = "http://127.0.0.1:9001"
websocket = true

[[routes]]
host_prefix = "meet"
backend = "http://127.0.0.1:9002"
websocket = true

[[routes]]
host_prefix = "drive"
backend = "http://127.0.0.1:9003"

[[routes]]
host_prefix = "mail"
backend = "http://127.0.0.1:9004"

[[routes]]
host_prefix = "chat"
backend = "http://127.0.0.1:9005"
websocket = true

[[routes]]
host_prefix = "people"
backend = "http://127.0.0.1:9006"

[[routes]]
host_prefix = "src"
backend = "http://127.0.0.1:9007"
websocket = true

[[routes]]
host_prefix = "auth"
backend = "http://127.0.0.1:9008"

[[routes]]
host_prefix = "s3"
backend = "http://127.0.0.1:9009"